RESOLVED FIXED 155922
Update treatment of invoking RegExp.prototype methods on RegExp.prototype. 
https://bugs.webkit.org/show_bug.cgi?id=155922
Summary Update treatment of invoking RegExp.prototype methods on RegExp.prototype.
Mark Lam
Reported 2016-03-25 22:44:39 PDT
In r198698, for the purpose of enabling feature testing, I changed the RegExp.prototype flag property getters to always return undefined instead of throwing when "this" is not a RegExp object. However, for the purpose of feature testing, we only need to apply this change for the cases where the getters are called on the RegExp.prototype itself. If called with any other "this" values that is not a RegExp object, they should throw a TypeError as the ES6 spec expects.
Attachments
proposed patch. (9.22 KB, patch)
2016-03-25 22:48 PDT, Mark Lam 		ggaren: review-
DetailsFormatted DiffDiff
proposed patch. (19.97 KB, patch)
2016-04-14 10:47 PDT, Mark Lam 		no flags
DetailsFormatted DiffDiff
proposed patch: rebased to ToT. (19.99 KB, patch)
2016-04-14 10:52 PDT, Mark Lam 		keith_miller: review+
DetailsFormatted DiffDiff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.
Mark Lam
Comment 1 2016-03-25 22:48:18 PDT
Created attachment 274977 [details] proposed patch.
Geoffrey Garen
Comment 2 2016-03-26 09:21:14 PDT
Comment on attachment 274977 [details] proposed patch. r=me
Geoffrey Garen
Comment 3 2016-03-26 09:22:37 PDT
Comment on attachment 274977 [details] proposed patch. View in context: https://bugs.webkit.org/attachment.cgi?id=274977&action=review > Source/JavaScriptCore/runtime/RegExpPrototype.cpp:249 > + if (thisValue == exec->lexicalGlobalObject()->regExpPrototype()) > + return JSValue::encode(jsUndefined()); Actually, you should check inherits(RegExpPrototype::info()) instead. There's no reason to tie this to a global object.
Mark Lam
Comment 4 2016-03-28 15:09:02 PDT
I'm going to hold off on implementing this for now. This issue is being discussed at https://github.com/tc39/ecma262/issues/262?, and there doesn't appear to be an agreed on solution yet.
Mark Lam
Comment 5 2016-03-29 14:08:31 PDT
For the record, Chrome is only special casing RegExp.prototype and returning undefined for it (see https://github.com/v8/v8/blob/master/src/js/regexp.js#L1091). For everything else, it throws the ES6 spec'ed TypeError.
Mark Lam
Comment 6 2016-04-13 17:50:43 PDT
From a recent TC39 meeting, we were told that "the committee also agreed to Daniel Ehrenberg’s pull request #262 (https://github.com/tc39/ecma262/issues/262), slides. Daniel will write up the details. The end result is that we will no longer throw for “RegExp like” accesses to RegExp.prototype, e.g. RegExp.prototype.sticky. In the case of individual flags, we return undefined. For .flags, .source and .toString(), we return what we do now, “”, "(?:)" and /(?:)/“ respectively. RegExp.prototype however IS NOT an instance of RegExp."
Radar WebKit Bug Importer
Comment 7 2016-04-13 17:54:36 PDT
<rdar://problem/25717387>
Mark Lam
Comment 8 2016-04-14 10:47:01 PDT
Created attachment 276403 [details] proposed patch.
Mark Lam
Comment 9 2016-04-14 10:52:59 PDT
Created attachment 276404 [details] proposed patch: rebased to ToT.
Keith Miller
Comment 10 2016-04-14 10:59:25 PDT
Comment on attachment 276404 [details] proposed patch: rebased to ToT. r=me.
Keith Miller
Comment 11 2016-04-14 10:59:49 PDT
Did you run benchmarks on this?
Mark Lam
Comment 12 2016-04-14 11:08:55 PDT
(In reply to comment #11) > Did you run benchmarks on this? No. But the only changes in this patch are on error paths. If these results in a perf regression, then we have a serious problem with code cache lines. If it's ok with you, I'll put UNLIKELY() on the "if (!thisValue.inherits(RegExpObject::info()))" checks, and just monitor the perf bots for regressions.
Keith Miller
Comment 13 2016-04-14 11:10:11 PDT
(In reply to comment #12) > (In reply to comment #11) > > Did you run benchmarks on this? > > No. But the only changes in this patch are on error paths. If these > results in a perf regression, then we have a serious problem with code cache > lines. > > If it's ok with you, I'll put UNLIKELY() on the "if > (!thisValue.inherits(RegExpObject::info()))" checks, and just monitor the > perf bots for regressions. Seems reasonable.
Mark Lam
Comment 14 2016-04-14 11:17:02 PDT
Thanks. Landed in r199545: <http://trac.webkit.org/r199545>.
Note You need to log in before you can comment on or make changes to this bug.